CVE-2026-33281
Denial of Service via Invalid PDU Session ID in Ella Core
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ellanetworks | ella_core | to 1.6.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33281 is a vulnerability in Ella Core software versions prior to 1.6.0. It occurs because the software does not properly validate PDU Session IDs in NGAP messages, specifically when these IDs are outside the valid range of 1 to 15.
This improper validation leads to an out-of-range access (CWE-129), causing the software to panic and crash when processing such invalid messages.
An attacker can exploit this by sending specially crafted NGAP messages with invalid PDU Session IDs to the Ella Core process, triggering a crash without needing any authentication.
How can this vulnerability impact me? :
This vulnerability can cause a denial of service by crashing the Ella Core process when it receives NGAP messages with invalid PDU Session IDs.
As a result, all connected subscribers relying on the affected Ella Core instance will experience service disruption.
Since no authentication is required to exploit this vulnerability, an attacker with network access can easily cause this disruption.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or panics in the Ella Core process when it processes NGAP messages with invalid PDU Session IDs outside the range 1-15.
Since the issue is triggered by crafted NGAP messages, network traffic analysis tools can be used to inspect NGAP messages for invalid PDU Session IDs.
Specific commands are not provided in the available resources, but general approaches include:
- Using packet capture tools like tcpdump or Wireshark to capture NGAP traffic and filter for PDU Session IDs outside the valid range.
- Checking system logs or Ella Core logs for panic or crash messages related to NGAP message processing.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Ella Core to version 1.6.0 or later, where proper validation of PDU Session IDs during NGAP message handling has been implemented to prevent this vulnerability.
Until the upgrade can be applied, consider restricting network access to the Ella Core NGAP interface to trusted sources only, to reduce the risk of receiving crafted malicious NGAP messages.